mirror of
https://github.com/tailscale/tailscale.git
synced 2024-12-01 14:05:39 +00:00
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: fwegress
|
|
namespace: tailscale
|
|
spec:
|
|
# TODO: experiment with upgrade strategy
|
|
replicas: 2
|
|
selector:
|
|
matchLabels:
|
|
app: fwegress
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: fwegress
|
|
spec:
|
|
serviceAccount: fwegress
|
|
readinessGates:
|
|
- conditionType: TailscaleRoutesReady
|
|
initContainers:
|
|
- name: sysctler
|
|
image: tailscale/alpine-base:3.18
|
|
securityContext:
|
|
privileged: true
|
|
command: ["/bin/sh", "-c"]
|
|
args: [sysctl -w net.ipv4.ip_forward=1 && if sysctl net.ipv6.conf.all.forwarding; then sysctl -w net.ipv6.conf.all.forwarding=1; fi]
|
|
containers:
|
|
- image: gcr.io/csi-test-290908/k8s-fwegress:v0.0.20
|
|
imagePullPolicy: IfNotPresent
|
|
name: fwegress
|
|
env:
|
|
- name: TS_DEBUG_FIREWALL_MODE
|
|
value: "auto"
|
|
- name: TS_EGRESS_SVC
|
|
value: "kuard"
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: fwegress
|
|
namespace: tailscale
|
|
spec:
|
|
selector:
|
|
app: fwegress
|
|
clusterIP: None
|
|
type: ClusterIP |